What is AWS Lambda Layers?
AWS Lambda layer lets you write Lambda function that can pull additional code and content in the form of layers, which are nothing but ZIP archives that contains custom runtime, libraries and other dependencies with that you can use libraries in your function without needing them to include in your deployment which makes your deployment package small, easiest and lets you avoid package configuration and install errors in your code.
AWS Lambda Layers
AWS Lambda Partners offers its own Layers with AWS customers across security, monitoring, and application management.
1. Security Layers
Cloud Security is the highest priority at AWS. It is a shared responsibility between you and AWS as security of the cloud and security in the cloud.
- Security of the Cloud: AWS is responsible for the AWS service infrastructures and ensures that the services are used securely.
- Security in the Cloud: The AWS service that you use determines your responsibility. The factors that you are responsible for, include the sensitivity of your data, the requirement of your company, and other regulations and laws applicable.
Examples of Security Layers from APN partners are:
- Protego offers the Protego Function Self Protection (FSP) module.
- PureSec helps to govern and enforce serverless security best practices.
- Twistlock provides security controls with its Defender Layers.
2. Monitoring Layers
All the Lambda functions are automatically monitored by AWS Lambda, and the metrics are reported through CloudWatch. Lambda automatically tracks the number of requests, the number of requests resulting in errors, and the execution duration per request. The AWS Lambda console, the CloudWatch console, and other AWS resources display the request rates and error rates of your Lambda functions. Examples of Monitoring Layers from APN partners are:
- Datadog offers an instrumentation layer for Python
- Epsagon offers a layer that enables Epsagon distributed tracing.
- IOpipe offers configurable and multi-dimensional alerting.
- NodeSource offers low-impacting monitoring for Node.js.
3. Application Management Layers
The AWS console helps you monitor and manage Lambda Applications. The AWS CloudFormation stacks are listed in the application menu with Lambda functions. The following information about your application will be displayed:
- SAM Template or AWS CLoudFormation Template – It’s the template that defines your application.
- Resources – The AWS resources defined in your application’s template. Choose a function name from the list, to manage the application’s Lambda functions.
Examples of Application Management Layers from APN partners are:
- Serverless Framework lets developers deploy serverless applications.
- Stackery displays you a list of all the layers in your account that you can apply to your function.
AWS Lambda Runtime API Partners
You can select a custom runtime when creating or updating a function, with the Lambda Runtime API. Your own runtimes can be published or you can use the runtimes provided by others. Examples of APN Partners that have provided support for new runtimes are:
- Alert Logic provides runtime libraries for Erlang and
- BluAge provides support for
- Stackery provides a PHP runtime layer.
You can add up to 5 layers to your function’s configuration, during or after the function creation. Layer versions can be specified and are updatable later in function’s configuration.
Addition of a Layer to a Function
- You can add multiple layers from the same account as the function or from a different account, by specifying its path.
- Versions of each layer can be specified by providing the full ARN of the layer version.
- Previous layers will be overwritten when adding new layers to the same function.
- Specify an empty list to remove all the layers.
- Functions will access layers during execution in the /opt
- The version in the last applied layer is used if the same file appears in multiple layers.
- If a layer is deleted by its creator, the function continues to run as long as the version of the layer exists.
Creation of a Layer
- Along with the command, name, description, ZIP archive, and a list of optional runtimes compatible with the layer are used.
- A new version is created when the publish-layer-version is called each time.
- Command to find compatible layers with your function’s runtime is,
- Command to see all the versions of a layer is,
- Command to get more details about a version is,
- Command to delete a layer version is,
- Functions cannot be configured to use layer versions, once you delete it.
Including Libraries in a Layer
Place the libraries in runtime supported folders to include them in a layer.
- To configure a function within a layer or to use a layer in another account, user policy permissions from the owner are needed.
- The command for adding such permissions is,
- Permissions are applicable to a single version of the layer.
- Permissions should be given, each time you create a new layer version.
AWS Lambda offers a cloud-native platform for short-running, stateless computation, event-driven applications. AWS Lambda layers let you keep your deployment package small and make development easier. Also, it helps to build rule-based self-managing infrastructure with reduced errors and less time consumption.
This is a guide to the AWS Lambda Layers. Here we discuss the different layers of AWS Lambda which include security layers, monitoring layers, and application management layers along with its Configurations. You may also look at the following articles to learn more –